opencode-session-reader-cn
v1.0.0读取本地 OpenCode SQLite 数据库并执行跨目录 session 查询的技能,适用于会话检索、消息查看与 schema 检查。
⭐ 0· 95·0 current·0 all-time
byWu Fei@wufei-png
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (read local OpenCode SQLite DB and query sessions/messages/schema) match the SKILL.md and references/schema.md. The instructions focus on read-only queries, schema inspection, and cross-directory session listing which are coherent with the stated purpose.
Instruction Scope
SKILL.md directs the agent to run `opencode db path`, `sqlite3 -readonly`, `find`, and optional utilities like `column` and `date`. These commands are appropriate for local DB inspection, but the skill's metadata did not declare required binaries (opencode, sqlite3, column). The instructions read local DB files (expected) and explicitly warn about sensitive tables (account/control_account). No instructions direct data to external endpoints or attempt modification of the DB (it emphasizes read-only).
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requests no environment variables or credentials. It does rely on filesystem access (XDG_DATA_HOME / $HOME paths) to locate local OpenCode DBs. The README explicitly warns that `account` / `control_account` tables may contain sensitive credentials; this is consistent and appropriately noted. Still: the skill will read locally stored sensitive data if present, so only run in trusted environments.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges or modify agent/system config. Autonomous invocation is allowed by platform default but is not combined with other concerning privileges.
Assessment
This skill appears to do exactly what it says: read-only queries against a local OpenCode SQLite DB. Before using it: (1) ensure the `opencode` CLI and `sqlite3` (and optionally `column`) are available on the host — the SKILL.md assumes these but the registry metadata doesn't list them; (2) be aware it will read local DB files and can expose sensitive fields (the doc explicitly warns `account` / `control_account` may contain credentials); (3) run only on machines you trust and avoid providing this skill with remote filesystem mounts you don't control; (4) if you need stronger guarantees, run the queries manually or inspect the SKILL.md and references/schema.md yourself. No network exfiltration or installation behavior is present in the skill bundle.Like a lobster shell, security has layers — review code before you run it.
latestvk970s66paxmn0h6cb3r4vsnww983g8r3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.